A few months ago, I received an alarming email from someone named Julian Diggle who claimed to have discovered a password that I used on social networking accounts on an adult website. "You visited this website for fun," he wrote. He claimed to have entered my computer, taken control of my webcam and made a short movie in which I was having fun. "It tastes great, OMG," he told me. "Now there are only two alternatives," he continued. If I ignored his email, he would send his short documentary to everyone on my contact list. He asked me to imagine how "disastrous" that would be, especially because "you must be in a love relationship." The second option was to pay him a thousand dollars (€ 900) in bitcoin. I was sure that couldn't be true – I hadn't had fun in years. On the other hand, this person had my password. What if Diggle had filmed me staring at my computer with his mouth open and pasted this scene to others in a scorching adult movie and sent the video to my mom and boss at The Times? Well, my mother should have a hard time opening it.
But what would happen next? "The porno email!" Exclaimed Kate Fazzini, as if recognizing an old friend she had seen at the other end of the room. "It's very common. It's sextortion with an emphasis on sex." Fazzini, 39, is a cybersecurity teacher, once a journalist and writer on cyber warfare for The Wall Street Journal and was also a soldier, fighting in the ranks of a large bank's security team. Now works for CNBC. She meets many hackers on the other side: the carders who steal credit card numbers, the ransomware teams, the Diggles of this world. Written almost as if it were a novel, Fazzini's new book, Kingdom of Lies (Unnerving Adventures in the World of Cybercrime, published by Oneworld, Kingdom of Lies), gives us a vivid account of how these groups of black hat hackers from Romania to China extort money from individuals like you and me or the most powerful Wall Street banks, and as white hats are trying to stop these people who can block global companies and produce digital campaigns to influence popular opinion. We met at a sushi restaurant in Queens, New York, with good wifi.
Kate Fazzini is sitting by the window, working on her laptop, with two phones resting on the table. Fazzini explains to me the scheme of Diggle and his porno email. Here's how it works: A hacking attack on a large social network, website, or bank exposes a series of email addresses and passwords that are sold on the dark web, the Internet space that acts as an encrypted network, protected from the prying eyes of search engines. All Diggle and his colleagues did was visit a dark web forum and buy some passwords, you know. Then they tell us they are inside our computers, watching our every move. "There is no hacking whatsoever. We are so afraid that our computers are watching us that we believe in these crazy things that they claim to be possible. We are so afraid that we fall into the spill." These emails make a lot of money, Fazzini tells me. "They have been hugely successful and given billions of dollars."
Kingdom of Lies begins with portraits of a series of mixed characters from this world: a kind of hacker version of The Canterbury Tales prologue. We know a tall, delicate German, whom Fazzini calls Sig Himelman (she changed the names of people, companies, and even some places). Himelman is considered an "influential hacker," although, like Diggle, he does not hack. In the summer of 2014, after too many meetings with the German police, he traveled to Romania and set up a business in one of the emerging hacking cities across eastern Europe. The technology company he founded looks a lot like a Silicon Valley start-up: a nice open-space office with beanbags. Himelman hired 10 hackers to attack US law firms. They filled the files of ransomware companies (malicious software intended to extort money) and then charged them between $ 500 and $ 5,000 for a key that allowed them access. Along with the key, Himelman's company provided a useful PowerPoint presentation explaining how the company could prevent attacks by other hackers. Himelman describes this as a kind of public service. He is also convinced that technology companies, even criminals, need to include women in their workforce and has hired a local girl, an English-language teenager named Rene Kreutz, to be his "customer support" department at your company.
While Kreutz is busy explaining to distressed and angry "customers" how they can regain control of their own systems, one man in Shanghai is developing a new method for penetrating US corporate systems. Bo Chou was formed, at least in part, by the Chinese government: he worked for a Shanghai-based unit of the Chinese People's Liberation Army, where his job was to attack US companies and steal their data. Fazzini says other hackers consider the Chinese to be basic, without grace or discretion. Bo Chou thought so too. He left the army and went to work for a hotel frequented by Western businessmen. It then began purchasing USB storage devices from a cheap southern China vendor, loaded them with malware, and distributed them in baskets at a nearby convention center with a notice mimicking the company logo sponsoring the conferences it hosted. they were there. "Free USB storage," the warning read. "Welcome!" When participants use one of their USB keys, Bo's malware is installed and he can access their computers, stealing as many spreadsheets and contact lists as he can find. Bo sells the information collected on an American website called Fiverr that provides business tools to entrepreneurs. "Companies love the breadth and depth of Bo's data, but they have no idea where it came from and they know it's best not to ask," Fazzini writes. On the other side of cyber wars, we have hackers known simply as "analysts", the white hats that work on the cyber security teams of big banks, trying to defend their systems from constant attacks. Many former spies also work in this area. Fazzini introduces us to a guy named Charlie Mack, who looks like a hero from the Homeland Security series. He is a Harvard-trained lawyer and former intelligence officer who worked in Benghazi, Libya, until the attacks on US facilities. He then went to work in cybersecurity at a large institution in New York, which Fazzini refers to as the pseudonym "NOW Bank", which is trying to avoid a major cyber attack, which his team has given the codename "Venice". "If Chinese hackers broke into the bank and stole their secrets?" Mack thinks as he goes on, heroically. "Yes, but that has been for some time. Will Russians be scrutinizing bank networks for information about Putin's 'friends' and enemies? Of course, but not in this particular case."
This time, the perpetrators appear to be Israelis extracting details about the bank's main investors, targeting us in a fraudulent investment scheme and then "laundering" the money with the help of a New Jersey guy who set up a baseball gift company. . More often, hackers use what they have found in a bank's internal records of future mergers and acquisitions to sell as inside trading. This scam, which was once exclusive to bank employees themselves, has allowed hackers to earn hundreds of millions of dollars on the stock market, Fazzini tells me. In his book, Charlie Mack tells his boss, "These men reap the full benefits of inside trading without having to deal with bankers, lawyers, or government agents. The luckiest bastard in the world." Mack misses being a spy, writes Fazzini. Sporadically, when an executive tells a bad joke about lawyers, he wants to say, "Listen, stupid … I was attacking Gaddafi's premises last year. Do you think I'm being too careful?" Fazzini also appears in passing in the book.
Attentive readers will spot her as the single mother of Charlie Mack's cybersecurity team, whose home burns. This really happened. In the timeframe covered by the book, she also went through a divorce and became a single mother. Fazzini thinks these difficulties may have helped her develop a closer relationship with many of the analysts and hackers she talks about in the book. "I've had a hard life in recent years, in a way," she confesses. "It caused some people to open up to me. There was a lot of sharing." Fazzini grew up in Ohio, where parents worked as teachers. She had a Commodore 64 computer as a child, on which she and the imam learned to program games. She also had a "black box", an electronic circuit that plugged into the phone and prevented the local telecommunications company from recording their calls so she could call her friends without paying. While studying English at Ohio State University, Kate …
(tagsToTranslate) Kate Fazzini (t) hackers (t) Julian Diggle (t) FBI (t) The Wall Street Journal (t) The Sunday Times / Atlantic Press (t) Charlie Mack (t) Rene Kreutz (t) Romania ( t) politics